Skip to main content
Meet NetWitness at RSA Conference 2024!
Stop by our booth #254 or book a meeting with an expert. Reserve Your Spot Today!
Products & Solutions

NetWitness – A Brief History of an Iconic Threat Detection & Response Platform

  • by Arthur Fontaine

After years of delivering cutting-edge cybersecurity solutions to some of the world’s business leaders and innovators, NetWitness is poised to embark on a thrilling new chapter. What began nearly a quarter-century ago as a U.S. government research project aimed at analyzing network traffic for security is now taking a bold leap into the future.

Throughout its history, NetWitness has dedicated itself to overcoming industry challenges by delivering unparalleled visibility, robust contextualization, and automated, actionable insights. Over the years, these capabilities have empowered security teams to confront even the most sophisticated cyberattacks. As a result, NetWitness has consistently stood as the go-to solution for the largest and most security-conscious organizations globally.

Today, NetWitness is still a company profoundly committed to revolutionizing threat detection, investigation, and response.

NetWitness’s past will always drive the company’s commitment to cybersecurity forward, no matter the direction. But with newfound independence from RSA and Dell EMC, NetWitness will have the agility and flexibility to expand its offerings, explore new market opportunities, and invest in research and development. Ultimately, the next era of NetWitness will accelerate its growth and continue providing exceptional cybersecurity services to its clients.

“My vision for NetWitness is to create a purpose-driven company that’s going to have the greatest possible societal impact.” 

– Ken Naumann, CEO, NetWitness

Through its long and storied existence, NetWitness has fought for the good side in one of history’s most dynamic contests: the war between the black hats and the defenders. This is the story of that evolution.

The Early Years

NetWitness was conceived in 1997 as a research project under the stewardship of CTX Corporation, a Vienna, VA-based consultancy, where most employees held Top Secret security clearance. This innovative platform was custom-built to assist analysts decipher large volumes of captured network data.

Recognizing its immense potential, CTX saw value in the technology across various use cases and gained permission to deploy it in different engagements. In 2002, CTX was acquired by ManTech International Corporation, which further refined the technology to aid federal law enforcement agencies in criminal investigations.

By 2006, ManTech launched NetWitness as a privately-held spinout, introducing its network analysis technology to the global commercial market. NetWitness emerged as a packaged software solution, swiftly gaining adoption by some of the world’s premier organizations, many of which still rely on its capabilities today. As a private entity, NetWitness realigned its development efforts, crafting an enterprise solution that addressed the evolving needs of the cybersecurity landscape.

RSA Investments & The Advent of SIEM

The year 2006 also marked a significant milestone for RSA Security. Independent since its founding in 1982 by legendary encryption scientists Ron Rivest, Adi Shamir, and Leonard Adleman, RSA Security was acquired by EMC. It operated as RSA, the Security Division of EMC, until 2016, when Dell and EMC merged to form Dell EMC. RSA continued to operate as an independent unit of Dell Technologies until 2020, when it transitioned into an independent organization, acquired by a consortium led by Symphony Technology Group (STG).

In 2011, RSA acquired NetWitness, bringing it into the fold alongside the RSA enVision SIEM. During this period, enVision was a leader in the evolving SIEM market. Initially compliance-focused, SIEM logs were increasingly utilized for security analytics. Recognizing this shift, RSA merged enVision and NetWitness, expanding NetWitness’s enterprise reach, enhancing deep packet inspection, and enabling log parsing in a common metadata language.

Remaining true to its consultancy-based origins, RSA Professional Services introduced Incident Response (IR) services based on NetWitness. RSA’s expert threat hunters continue to deliver high-end IR services, collaborating closely with customers globally. This real-world experience continuously enriches NetWitness’s product development, which is vital to its sustained leadership and relevance over the years.

Evolved SIEM

In 2018, NetWitness’s evolution continued with the acquisition of Fortscale, a pioneer in User Behavior & Entity Analytics (UEBA). Security Orchestration, Automation & Response (SOAR) capabilities were introduced with NetWitness Orchestrator. Building upon NetWitness’s strong foundation, this evolution resulted in the birth of the RSA NetWitness Platform, a comprehensive Threat Detection, Investigation, and Response solution.

But NetWitness’s story doesn’t stop here. The release of NetWitness 12.3 in the modern era of cybersecurity represents another remarkable milestone in its journey.

The 12.3 Release

NetWitness 12.3, the latest chapter in NetWitness’s evolution, offers unrivaled support for today’s modern workforce. This release ensures complete network visibility and threat detection, including remote workers and endpoints. It introduces an impressive array of cutting-edge features and integrations designed to meet the evolving demands of distributed enterprises head-on. The release is not just an incremental update but a giant leap in the evolution of cybersecurity operations.

With NetWitness 12.3, organizations gain unparalleled clarity and an enhanced ability to categorize and rank assets throughout their environment using advanced Machine Learning (ML) and Artificial Intelligence (AI). This release is a testament to NetWitness’s unwavering commitment to staying at the forefront of cybersecurity innovation.

NetWitness: A New Era

In 2023, NetWitness marked a defining moment in its history by announcing its separation from RSA. This move positions NetWitness as an independent entity, free to chart its own course and pursue its vision of cybersecurity excellence.

“We are thrilled to embark on this new chapter as an independent company. This separation will empower us to sharpen our focus on cybersecurity innovation, strengthen our partnerships, and better serve the evolving needs of our customers. We are committed to providing best-in-class solutions that help organizations stay ahead of cyber threats and protect their digital assets.”

– Ken Naumann, CEO, NetWitnes

As an independent entity, NetWitness remains unwavering in its commitment to investing in its people, technology, and processes. This dedication ensures that NetWitness maintains its position as a leader in the cybersecurity industry, delivering exceptional value to its customers and partners while fostering a culture of innovation and excellence.

At its core, NetWitness sees itself not just as a standalone company but as a dedicated partner, collaborating closely with its clients to safeguard their organizations, users, and clients. This commitment to partnership and a relentless focus on solving customer problems define NetWitness’s identity in this new era of independence.



Updated October 30th, 2023